
Veracode, Inc., the leader in cloud-based application security testing,
encourages application developers to take a more proactive role in
securing applications as part of a larger call to action to protect
companies from vulnerabilities. Each year, companies spend billions of
dollars on outsourcing software development, yet very little is spent on
security verification, resulting in security breaches caused by software
vulnerabilities.

Veracode also aims to limit the number of security checks companies have
to make when purchasing third-party applications by offering
developers a web-based eLearning training program. The online courses
provide developers with
certification and CPE credits and teach developers secure coding for ASP.NET,
J2EE and C/C++. eLearning also aims to help developers measure and
track their development progress and comply with ISO regulations and
industry standards such as SANS Application Security Procurement
Contract Language.

“The simple fact is that if someone wants your intellectual property,
they are going to use the software you bought, built or outsourced to
get it,” said Chris Eng, vice president of research, Veracode. “We
developed these eLearning courses to provide developers with the
guidelines and best practices that they should take to ensure the
security of their customers.”

Veracode suggests that by following its eLearning development
suggestions, developers will be able to:

Protect companies from vulnerabilities.
With the vast number of threats that constantly pressure companies and
government, it is important to ensure that the software applications
these organizations utilize are completely secure. To certify that
applications are free of vulnerabilities, several processes must be
employed within the Secure Development Lifecycle (SDLC), including
testing the application’s security controls at each stage of
development. Such tests include static analysis, dynamic analysis or
penetration testing.

Preserve data, IP and brand reputation.
Some of the most critical application security flaws, including Cross
Site Scripting (XSS) and broken authentication, allow for easy
exploitation where attackers can completely take over the software,
steal data, or prevent the software from working at all. In order to
prevent these flaws, security practices must be integrated within the
SDLC, and security of internally developed applications must be
verified before they are deployed. Additionally, staying on top of
patches and software updates can help bring attention to previously
undiscovered flaws.

Perform business as usual.
During the SDLC, developers must model an application, scan the code, check
the quality and ensure that it meets regulations, on top of building a
unique and useful application. Automated secure development testing
tools help developers adhere to these development steps, while
finding and fixing security issues at the same time. Veracode offers
these services as well as secure development training so that
developers can gain further education and insight into security issues
they may have created.

Veracode wants all developers to keep these guidelines in mind when
creating applications, as they allow them to detect flaws, test the
security features of the applications, and ensure the customer’s data is
protected above all else.

About Veracode

Veracode is the only independent provider of cloud-based application
intelligence and security verification services. The Veracode platform
provides the fastest, most comprehensive solution to improve the security
of internally developed, purchased or outsourced software applications and
third-party components. By combining patented static, dynamic and manual
testing, extensive eLearning capabilities, and advanced application
analytics, Veracode enables scalable, policy-driven application risk
management programs that help identify and eradicate numerous
vulnerabilities by leveraging best-in-class technologies from
vulnerability scanning to penetration testing and static code analysis.
Veracode delivers unbiased proof of application security to stakeholders
across the software supply chain while supporting independent audit and
compliance requirements for all applications no matter how they are
deployed, via the web, mobile or in the cloud. Veracode works with
customers in more than 80 countries worldwide representing Global 2000
brands. For more information, visit www.veracode.com, follow on Twitter:
@Veracode or read the Veracode Blog.
